> My opinion is that, yes, it is a real and practical attack, and it
> could be prevented by full deployment of DNSSEC. (Deploying IPv6 would
> help, too, for the reasons explained here.)
you may want to defend against it this decade
randy